Open Redirect Vulnerability in Open-AudIT Professional by Open-AudIT
CVE-2018-8937

6.1MEDIUM

Key Information:

Vendor: Open-audit
Status: Open-audit
Vendor: CVE Published:; 26 March 2018

What is CVE-2018-8937?

An open redirect vulnerability has been identified in Open-AudIT Professional 2.1 that allows attackers to inject a malicious payload through the redirect_url parameter of the /login URI. This flaw enables the execution of JavaScript code via a 'data:text/html;base64,' payload, creating a risk for users and systems if exploited.

References

https://nileshsapariya.blogspot.ae/2018/03/open-redirect-...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2018
Vulnerability Reserved
Mar 22, 2018

Open-audit

What is CVE-2018-8937?

References

CVSS V3.1

Timeline